1st International ICST Workshop on Security and Privacy in Mobile Health Care

Research Article

Security and privacy in a wireless remote medical system for home healthcare purpose

  • @INPROCEEDINGS{10.1109/PCTHEALTH.2006.361658,
        author={Yousef Jasemian},
        title={Security and privacy in a wireless remote medical system for home healthcare purpose},
        proceedings={1st International ICST Workshop on Security and Privacy in Mobile Health Care},
        proceedings_a={PMHCS},
        year={2007},
        month={5},
        keywords={Bluetooth, Communication system security, Data privacy, Data security, Electrocardiography, GSM, Medical services, Patient monitoring, Real time systems, Telemedicine},
        doi={10.1109/PCTHEALTH.2006.361658}
    }
    
  • Yousef Jasemian
    Year: 2007
    Security and privacy in a wireless remote medical system for home healthcare purpose
    PMHCS
    ICST
    DOI: 10.1109/PCTHEALTH.2006.361658
Yousef Jasemian1,*
  • 1: Center for Sensory-Motor Interaction (SMI), Department of Health Science and Technology, Aalborg University, Denmark.
*Contact email: Yj@hst.aau.dk

Abstract

The study investigates, assesses and evaluates data security and patients' privacy in a real-time wireless telemedicine system utilising GSM/GPRS, the Bluetooth protocol, and a cellular phone. Fifteen non-risky heart patients, aged (49 ± 14) years (9 females, 6 males), were recruited. The ECGs were continuously monitored (72 h) and transferred anonymously, with each patient assigned an identification number and a monitoring start time and date, while the patients were performing their everyday indoor and outdoor activities. The data were collected and processed by a modem server at the hospital. The server was assigned a user name and password, which were known only by the health care personnel in charge, and the ECGs were identified only by the patients' ID numbers. Authentication, confidentiality and integrity of the data were tested for the risk of insertion attacks, client-to-client attacks and misconfiguration. Results indicate that no unauthorised person could access either the mobile phone or the Bluetooth module, which controls connection establishment and termination, data flow and dial-up communication. No access was possible for an unauthorised person at the server side, nor could the ECGs be personalised. It is concluded that in the present setup, in which the clinical application is implemented on a small scale, the ECG data is secured and patients' privacy is achieved.